Case Scenario: Choosing Where to Direct Output
You are working as an application developer in the Application Development department at A Datum Corporation. An application you helped develop has been deployed for about a month, and users have started complaining that performance is sluggish. The Database Administrator (DBA) of your company has been warning the Application Development department that the forecasted load for the new deployments would be too much for the current SQL Server database. Although there are noted hardware deficiencies, the DBA is sure that the many connection timeouts that are occuring are caused by connection leaks. The Network Administrator also had concerns that the Web servers were not going to be able to address the additional load.
The Corporate Vice President recently requested from the Application Development department a definitive list of everything that would be necessary to fix the problem "once and for all." He said that he's willing to purchase whatever resources are necessary, but any additional equipment that needs purchased that is not included in the memo will be purchased with your department's bonus pool money. He also indicated that he wants all the problems fixed, so any bugs that might be causing performance issues in addition to the database and Web server deficiencies had better be included in the memo. Your boss comes by your office and instructs you to write up the list. What do you do to solve this problem?
Image from book
Answers
To find out exactly what is needed, you will need to employ a strategy that encompasses the following tasks:
Rework the Data Access Layer components to include the use of performance counters. Use the .NET Data Provider for SQL Server. Track all the metrics related to Connection objects because there's a suspicion of a leak. Specifically, carefully watch the number of pooled connections and the number of reclaimed connections monitors.
On each of the Web components, add counters corresponding to ASP.NET. The Web server is a suspected cause of the performance issues, but it's not suspected to be as significant a cause as the database, so a small sample of counters should suffice.
Monitor the network utilization of your application by including the .NET CLR Networking performance counter.
On the client code, put similar measurement strategies in place. Keep track of memory utilization, network traffic, and file input/output.
Use the Windows event log to log any conditions where the application causes processor utilization to go above a given threshold.
Include assertions throughout your code to ensure that all your assumptions are correct.
Enable tracing, and insert copious code to track all instances of exceptions and items that caused them.
Friday, July 4, 2008
Windows management Instrumentation .NET
WMI - To monitor and manage System, application and devices using Windows Management Instrumentation
Detecting Management Event
Network adapters.
Logical drives on a machine
A list of OleDb-compliant databases on the network
A list of Windows Services on a machine and their respective states
Image from book
Answers
Correct Answer: C
Incorrect: Network Adapters can be discovered using WMI.
Incorrect: Logical drives can be discovered and interrogated using WMI.
Correct: Although some database information can be retrieved using WMI, a list of all OleDb-compliant databases cannot be determined using the WMI query syntax
Incorrect: A list of Windows Services running on a machine, and their respective states, can be queried via WMI.
Detecting Management Event
- WMI is a component of the Windows operating system that provides monitoring functionality that spans virtually every machine resource.
- The EventQuery class is used within the .NET Framework to represent a WMI query.
- The Win32_Service object can be used to query information about Windows services.
- The ManagementQuery base class is used as a foundation for all management query objects.
- The ManagementObjectSearcher is used to query system resources through WMI.
Network adapters.
Logical drives on a machine
A list of OleDb-compliant databases on the network
A list of Windows Services on a machine and their respective states
Image from book
Answers
Correct Answer: C
Incorrect: Network Adapters can be discovered using WMI.
Incorrect: Logical drives can be discovered and interrogated using WMI.
Correct: Although some database information can be retrieved using WMI, a list of all OleDb-compliant databases cannot be determined using the WMI query syntax
Incorrect: A list of Windows Services running on a machine, and their respective states, can be queried via WMI.
Monitoring .NET Performance
- A process is an executing application, with a unique identifier to differentiate it from other processes. Processes are mechanisms that allow applications to run safely isolated from other applications.
- The two primary classes for directing output from an application are Debug and Trace. The Trace class listener object is enabled by default in .NET applications. Listener objects are the mechanisms by which Debug and Trace output can be handled. The XmlTextWriterListener allows Debug and Trace output to be written with detailed information stored in predefined Xml attributes. The Assert method of both the Debug and Trace classes forces an examination of a condition, and based on the evaluation, it will let the application continue to run or break into the debugger. The Break method of the Debugger class causes an application's execution to stop at a specific breakpoint.
- The Start method of the Process class allows applications to be started programmatically. The GetProcesses method of the Process class returns information about all running processes on a machine. If information about a specific process is needed (as opposed to general information about all processes), the GetProcessByName or GetProcessById methods should be used.
- To pass values into the constructor of the Main method, command-line arguments can be specified.
- The StackTrace object provides detailed information about the state of execution for a given application. StackFrame objects make up the StackTrace object. However, they are intended to support the .NET Framework and should not be used directly.
- Because String objects are reference types, they pose a potential security vulnerability when used to store passwords. In the current version of the .NET Framework, the SecureString class is provided to manage sensitive data.
- PerformanceCounter objects are mechanisms that allow specific measurement of an application's resource utilization.
Questiosn and Answers
1.
Which method will start an instance of Internet Explorer and specify the URL "http://www.microsoft.com" for it to navigate to?
1.
Process.Start("iexplore.exe");
2.
Process.Start("InternetExplorer, http://www.microsoft.com");
3.
Process.Start("iexplore.exe", "http://www.microsoft.com");
4.
Process.Run("iexplore.exe", "http://www.microsoft.com");
Image from book
2.
Assume that the following code was just run. Which answer illustrates how to specifically output the current StackTrace to the console window?
' VB
Try
Dim x as Int32 = 1
x = x - 1
Dim i as Int32 = 10 / x
Catch Problem as DivideByZeroException
'This is the code to fill in
End Try
// C#
try
{
Int32 x = 1;
x--;
Int32 i = 10 / x;
}
catch (DivideByZeroException Problem)
{
//This is the code to fill in
}
1.
Debug.Assert(Problem.Message);
2.
Debug.Assert(false, Problem.ToString();
3.
Console.WriteLine(Problem.ToString());
4.
Console.WriteLine(Problem.StackTrace.ToString());
Image from book
3.
Which method is appropriate to specify a password when starting a process?
1.
Use a String variable that contains the password.
2.
Use an Array of type Char
3.
Use an Array of type String coupled with an Integer reference to the password's index in the array.
4.
Use a SecureString object.
Image from book
Answers
1.
Correct Answer: C
1.
Incorrect: Although this method will start an instance of Internet Explorer, it will not navigate to any specific page.
2.
Incorrect: This will treat all of the input as one value and result in an error.
3.
Correct: This method specifies the application name as the first parameter and the correct URL as the only command-line argument.
4.
Incorrect: Process.Run is not a method of the Process class.
2.
Correct Answer: D
1.
Incorrect: Debug.Assert takes an expression to evaluate, not a String.
2.
Incorrect: This method will cause the assertion to fail but will not output the StackTrace. Instead, it will output the entire exception. Furthermore, it will not direct the output to the console window.
3.
Incorrect: This call will output the StackTrace to the console window, but it will output the entire exception as well.
4.
Correct: This method specifically outputs the StackTrace and nothing else, and it writes the output only to the console window.
3.
Correct Answer: D
1.
Incorrect: For security reasons, a String object should not be used for passwords.
2.
Incorrect: A Char array, although different from a String, fails to provide an optimal level of security..
3.
Incorrect: Using one value of a String array has the same effect as using an individual string.
4.
Correct: A System.Security.SecureString is the correct type for the ProcessStartInfo object's Password property. It affords the highest level of security of the methods listed.
Publish Post
Thursday, July 3, 2008
.NET Debug TRACE Listener
- The Debug and Trace classes are two of the primary tools developers can use to examine the execution of their applications while they run.
- The Write, WriteLine, WriteIf, and WriteLineIf methods all can be used to send output to attached listener objects.
- The Assert method of the Debug and Trace classes is one mechanism to test a condition of your code and receive feedback based on that evaluation.
- Listener objects are used as receptacles for Debug and Trace information.
- If no listener object is specified, the DefaultTraceListener is used.
- The XmlTraceListener can be used to output detailed information in XML format.
- The TraceSource class allows the developer to specify information about the source of the trace information
- The TraceSwitch allows the developer to manipulate virtually every aspect of the TraceSource class.
You can use the following questions to test your knowledge of the information in Lesson 2, "Debugging and Tracing." The questions are also available on the companion CD if you prefer to review them in electronic form.
| Answers | Answers to these questions and explanations of why each answer choice is right or wrong are located in the "Answers" section at the end of the book. |
| You need to ensure that the trace from one logical operation is isolated from that of other operations. How do you accomplish this objective? | | |
| To use a specific visualizer object for a given class, which attribute should be used?
| |
Answers
| Correct Answer: A
| |
| Correct Answer: B
|
Event Log
Lesson Summary
*
The Windows event log mechanism is a convenient tool for developers to record information that they think might be useful in the future to system administrators or users.
*
There are myriad ways to log information, but the event log mechanism provides a clean, object-oriented way to handle this task.
*
Use the Source property of the EventLog to define where the information is coming from.
*
Use the EventLogEntryType to specify what type of entry the output will be.
*
The primary object for interacting with the event log system is the EventLog class in the System.Diagnostics namespace.
*
Although the EventLog class provides substantial functionality that is simple to use, it does have overhead in terms of resources. It should be used judiciously.
*
Many security vulnerabilities can be raised when using EventLog objects. Therefore, you should avoid using them in partial trust environments and avoid passing such objects to a partial trust environment.
*
To remove all the entries in an event log, use the Clear method.
*
The Message property of the EventLogEntry is used to read back the information that was written to the EventLog object.
Answers
Answers to these questions and explanations of why each answer choice is right or wrong are located in the "Answers" section at the end of the book.
1.
You need to log application state information for your application. The application will run in a Full Trust environment but will make calls to partial trust assemblies. Which statement best describes how this should be handled?
1.
Use the EventLog class as necessary.
2.
Use the EventLog class in assemblies that will have no contact with the partial trust assemblies.
3.
Avoid the use of EventLog class objects because the security risk is too high.
4.
Use EventLog objects, but ensure that they are specific to this application. If they are used by a partial trust object, create a separate log for security reasons.
Image from book
2.
Which of the following considerations should be taken into account when using EventLog objects? (Choose all that apply.)
1.
They can fill up if overused, so writing to them should be done judiciously.
2.
They should be avoided in all partial trust environments.
3.
They are potential resource hogs, so they should be used judiciously.
4.
They are one of the safest mechanisms available to perform I/O operations, so they should be used wherever possible.
Image from book
3.
What method of the EventLog object should be used to clear an EventLog?
1.
Call the Clear method for each item in the log.
2.
Use RemoveEntries and then call the Clear method.
3.
Use the Clear method.
4.
Use the ClearAll method.
Image from book
4.
What method of the EventLog class should be used to delete an EventLog object?
1.
Use the ClearLog method.
2.
Use the RemoveLog method.
3.
Use the Delete method.
4.
Use the DeleteLog method.
Image from book
5.
Which types of messages can be written to an event log? (Choose all that apply.)
1.
Error
2.
Warning
3.
Information
4.
SuccessAudit
Image from book
6.
Which logs are available by default in the Windows event log mechanism? (Choose all that apply.)
1.
Application
2.
Security
3.
System
4.
Audit
Image from book
Answers
1.
Correct Answer: B
1.
Incorrect: Because the code might be used by partial trust objects that have a malicious purpose, care needs to be taken and EventLog objects should be used with caution.
2.
Correct: EventLog objects are secure to use as long as they are not used by partial trust assemblies. If partial trust assemblies are avoided, there should be no security issues.
3.
Incorrect: It is secure to use EventLog objects as long as they are used with the proper security boundaries in place.
4.
Incorrect: There is no practical way to implement this solution. Therefore, this answer choice is incorrect.
2.
Correct Answer: A, B, and C
1.
Correct: There are disk space limitations, so overuse of EventLog objects can cause problems.
2.
Correct: Use of EventLog objects in partial trust scenarios poses multiple security risks.
3.
Correct: EventLog objects use many system resources, so unrestrained use of them can put unnecessary strains on the system.
4.
Incorrect: They are secure if used correctly; however, they do require special permissions and do have partial trust implications.
3.
Correct Answer: C
1.
Incorrect Calling Clear will handle all entries, so it does not need to be called individually.
2.
Incorrect: The Clear method alone accomplishes the task.
3.
Correct: This is the only available method that accomplishes the task.
4.
Incorrect: There is no ClearAll method. The Clear method accomplishes the task.
4.
Correct Answer: C
1.
Incorrect: There is no ClearLog method of the EventLog class.
2.
Incorrect: There is no RemoveLog method of the EventLog class.
3.
Correct: The Delete method is the only available choice to delete an EventLog object.
4.
Incorrect: There is no RemoveLog method of the EventLog class.
5.
Correct Answers: A, B, C, and D
1.
Correct: Error entries are valid.
2.
Correct: Warning entries are valid
3.
Correct: Information entries are valid.
4.
Correct: SuccessAudit entries are valid.
6.
Correct Answers: A, B, and C
1.
Correct: By default, the Application log is provided.
2.
Correct: By default, the Security log is provided.
3.
Correct: By default, the System log is provided.
4.
Incorrect: Although a specific event log named Audit could be created, there is no such log provided by default.
*
The Windows event log mechanism is a convenient tool for developers to record information that they think might be useful in the future to system administrators or users.
*
There are myriad ways to log information, but the event log mechanism provides a clean, object-oriented way to handle this task.
*
Use the Source property of the EventLog to define where the information is coming from.
*
Use the EventLogEntryType to specify what type of entry the output will be.
*
The primary object for interacting with the event log system is the EventLog class in the System.Diagnostics namespace.
*
Although the EventLog class provides substantial functionality that is simple to use, it does have overhead in terms of resources. It should be used judiciously.
*
Many security vulnerabilities can be raised when using EventLog objects. Therefore, you should avoid using them in partial trust environments and avoid passing such objects to a partial trust environment.
*
To remove all the entries in an event log, use the Clear method.
*
The Message property of the EventLogEntry is used to read back the information that was written to the EventLog object.
Answers
Answers to these questions and explanations of why each answer choice is right or wrong are located in the "Answers" section at the end of the book.
1.
You need to log application state information for your application. The application will run in a Full Trust environment but will make calls to partial trust assemblies. Which statement best describes how this should be handled?
1.
Use the EventLog class as necessary.
2.
Use the EventLog class in assemblies that will have no contact with the partial trust assemblies.
3.
Avoid the use of EventLog class objects because the security risk is too high.
4.
Use EventLog objects, but ensure that they are specific to this application. If they are used by a partial trust object, create a separate log for security reasons.
Image from book
2.
Which of the following considerations should be taken into account when using EventLog objects? (Choose all that apply.)
1.
They can fill up if overused, so writing to them should be done judiciously.
2.
They should be avoided in all partial trust environments.
3.
They are potential resource hogs, so they should be used judiciously.
4.
They are one of the safest mechanisms available to perform I/O operations, so they should be used wherever possible.
Image from book
3.
What method of the EventLog object should be used to clear an EventLog?
1.
Call the Clear method for each item in the log.
2.
Use RemoveEntries and then call the Clear method.
3.
Use the Clear method.
4.
Use the ClearAll method.
Image from book
4.
What method of the EventLog class should be used to delete an EventLog object?
1.
Use the ClearLog method.
2.
Use the RemoveLog method.
3.
Use the Delete method.
4.
Use the DeleteLog method.
Image from book
5.
Which types of messages can be written to an event log? (Choose all that apply.)
1.
Error
2.
Warning
3.
Information
4.
SuccessAudit
Image from book
6.
Which logs are available by default in the Windows event log mechanism? (Choose all that apply.)
1.
Application
2.
Security
3.
System
4.
Audit
Image from book
Answers
1.
Correct Answer: B
1.
Incorrect: Because the code might be used by partial trust objects that have a malicious purpose, care needs to be taken and EventLog objects should be used with caution.
2.
Correct: EventLog objects are secure to use as long as they are not used by partial trust assemblies. If partial trust assemblies are avoided, there should be no security issues.
3.
Incorrect: It is secure to use EventLog objects as long as they are used with the proper security boundaries in place.
4.
Incorrect: There is no practical way to implement this solution. Therefore, this answer choice is incorrect.
2.
Correct Answer: A, B, and C
1.
Correct: There are disk space limitations, so overuse of EventLog objects can cause problems.
2.
Correct: Use of EventLog objects in partial trust scenarios poses multiple security risks.
3.
Correct: EventLog objects use many system resources, so unrestrained use of them can put unnecessary strains on the system.
4.
Incorrect: They are secure if used correctly; however, they do require special permissions and do have partial trust implications.
3.
Correct Answer: C
1.
Incorrect Calling Clear will handle all entries, so it does not need to be called individually.
2.
Incorrect: The Clear method alone accomplishes the task.
3.
Correct: This is the only available method that accomplishes the task.
4.
Incorrect: There is no ClearAll method. The Clear method accomplishes the task.
4.
Correct Answer: C
1.
Incorrect: There is no ClearLog method of the EventLog class.
2.
Incorrect: There is no RemoveLog method of the EventLog class.
3.
Correct: The Delete method is the only available choice to delete an EventLog object.
4.
Incorrect: There is no RemoveLog method of the EventLog class.
5.
Correct Answers: A, B, C, and D
1.
Correct: Error entries are valid.
2.
Correct: Warning entries are valid
3.
Correct: Information entries are valid.
4.
Correct: SuccessAudit entries are valid.
6.
Correct Answers: A, B, and C
1.
Correct: By default, the Application log is provided.
2.
Correct: By default, the Security log is provided.
3.
Correct: By default, the System log is provided.
4.
Incorrect: Although a specific event log named Audit could be created, there is no such log provided by default.
Configuration Section Manager
OverView
-
The IConfigurationSectionHandler interface provides a mechanism to access customized sections of a configuration file.
-
The Create method is the only implementation detail necessary to fulfill the IConfigurationSectionHandler contract.
-
To be used safely, all classes that implement IConfigurationSectionHandler must be both thread safe and stateless.
-
The ConfigSections node of the configuration file is the main mechanism provided for implementing custom sections.
-
ConfigurationSection objects can be used to programmatically add configuration sections, as opposed to manually entering them through the configuration file.
-
To save any changes made to a Configuration object, use the Save method.
-
If an alternate file is to be used for changes to a Configuration object, SaveAs facilitates this.
-
The ApplicationSettingsBase class serves as wrapper to implement configurable application settings in .NET applications.
-
All settings stored by an ApplicationSettingsBase class use the LocalFileSettingsProvider for storage.
You can use the following questions to test your knowledge of the information in Lesson 4, "Configuration Management." The questions are also available on the companion CD if you prefer to review them in electronic form.
| Answers | Answers to these questions and explanations of why each answer choice is right or wrong are located in the "Answers" section at the end of the book. |
| Which methods of the Configuration class are valid ways to open a configuration file? (Choose all that apply.)
| | |
| What method causes settings to be read from an IConfigurationSectionHandler object?
| |
Answers
| Correct Answers: A, B, C, and D
| |
| Correct Answer: A
|
Subscribe to:
Posts (Atom)